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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )□ Responsive to communication(s) filed on 1 1/1 1/2009 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) D Claim(s) 1-29 and 40-51 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) Q Claim(s) 1-29.40-51 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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20 Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) D Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20100129 



Application/Control Number: 10/780,252 Page 2 

Art Unit: 2434 

DETAILED ACTION 

CLAIMS PRESENTED 

Claims 1-29 and 40-51 are presented. 

Applicant has overcome the previous rejections under 35 USC 101 with 
amendments and arguments. Thus, only the rejections over the prior art are provided 
herein. 



Allowable Subject Matter 

The following is a statement of reasons for the indication of allowable subject 
matter: Applicant's claims have been amended enough to be able to guess at what 
may be allowable upon additional features. Page 5 of the specification is singled out as 
succeeding to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Yet, none of the claims have yet to claim any of this 
subject matter. The page 5 of the specification provides: 

The invention is unique in two respects -1. Technology: Monitoring and analysis is 
based on trending and anomaly detection at the information or content-level. There 
have been earlier applications of anomaly detection, but for lower-level activities such 
as intrusion detection (network-layer or system-layer), or for specific application activity 
monitoring such as transaction monitoring (credit cards). Information content layer 
activities are much broader and complex than network-layer or system-layer activities. 
2. Application: The current invention has several unique risk assessment applications in 
the information content security arena, a. Unauthorized Information Disclosure: The 
invention can detect anomalies based on correlation of information flow, users, and 
time. These anomalies can be used to discover "unauthorized information disclosures" 
from confidential information repositories, without requiring to know the specific type of 
information being disclosed, b. Content Usage Analysis: The invention can analyze 
content usage and classify content based on rare information exchanges versus 
common and widely shared information exchanges. This can lead to discovery of 
"critical" information assets within the organization. 
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Yet, none of the claims have yet to claim any of this subject matter. Merely 
claiming "application layer" would directly lead to being covered by "specific application 
activity monitoring" which is clearly a prior art according to page 5 (and according to 
actual facts of the art of security). The claims need to recite "entirety of application 
layer, said entirety of application layer without any application-specific limits." 

The art listed in the specification (at the bibliography in the last pages) amply and 
redundantly show that prior art did indeed (well known even without page 5 of the 
specification) already have the Unauthorized Information Disclosure and the Content 
Usage Analysis as also noted in page 5. Because the prior art did indeed (well known 
even without page 5) already have the Unauthorized Information Disclosure and the 
Content Usage Analysis as also noted in page 5, the claims can never be allowed 
without overcome the admissions against art at page 5 of the specification of this 
application. Thus: merely claiming "application layer" would directly lead to being 
covered by "specific application activity monitoring" which is clearly a prior art according 
to page 5 (and according to actual facts of the art of security). The claims need to recite 
"entirety of application layer, said entirety of application layer without any application- 
specific limits." At the moment, none of the claims have yet to claim any of this subject 
matter. 

CLAIM REJECTIONS 

Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that form 
the basis for the rejections under this section made in this Office action. 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

Claims 1-29 and 40-51 are rejected under 35 U.S.C. 102(a) as being clearly 
anticipated by admissions over the prior art. 

For the sake of readability and brevity, the following paragraphs do not fully 
detail the undisputed issues. For the undisputed issues regarding the rest of the 
limitations of the claims, see the previous Office Actions. 

The prior art, as discussed in the specification (and not merely discussed in 
the first few pages), refer to the previous types of analysis of anomalies. These 
anomalies, as noted by Applicant, already had packet analysis, real-time functioning, 
and changing content. Indeed, as Applicant noted, there is an entire body of 
knowledge regarding these matters. See, for instance, the entire bibliography of 
books and articles that Applicant has cited in the specification. 

Page 5 of the specification is singled out as succeeding to particularly point out 
and distinctly claim the subject matter which applicant regards as the invention. Yet, 
none of the claims have yet to claim any of this subject matter. The page 5 of the 
specification provides: 

The invention is unique in two respects -1. Technology: Monitoring and analysis is 
based on trending and anomaly detection at the information or content-level. There 
have been earlier applications of anomaly detection, but for lower-level activities such 
as intrusion detection (network-layer or system-layer), or for specific application activity 
monitoring such as transaction monitoring (credit cards). Information content layer 



Application/Control Number: 10/780,252 
Art Unit: 2434 



Page 5 



activities are much broader and complex than network-layer or system-layer activities. 
2. Application: The current invention has several unique risk assessment applications in 
the information content security arena, a. Unauthorized Information Disclosure: The 
invention can detect anomalies based on correlation of information flow, users, and 
time. These anomalies can be used to discover "unauthorized information disclosures" 
from confidential information repositories, without requiring to know the specific type of 
information being disclosed, b. Content Usage Analysis: The invention can analyze 
content usage and classify content based on rare information exchanges versus 
common and widely shared information exchanges. This can lead to discovery of 
"critical" information assets within the organization. 



Yet, none of the claims have yet to claim any of this subject matter. Merely 
claiming "application layer" would directly lead to being covered by "specific application 
activity monitoring" which is clearly a prior art according to page 5 (and according to 
actual facts of the art of security). The claims need to recite "entirety of application 
layer, said entirety of application layer without any application-specific limits." 

The art listed in the specification (at the bibliography in the last pages) amply and 
redundantly show that prior art did indeed (well known even without page 5 of the 
specification) already have the Unauthorized Information Disclosure and the Content 
Usage Analysis as also noted in page 5. Because the prior art did indeed (well known 
even without page 5) already have the Unauthorized Information Disclosure and the 
Content Usage Analysis as also noted in page 5, the claims can never be allowed 
without overcome the admissions against art at page 5 of the specification of this 
application. Thus: merely claiming "application layer" would directly lead to being 
covered by "specific application activity monitoring" which is clearly a prior art according 
to page 5 (and according to actual facts of the art of security). The claims need to recite 
"entirety of application layer, said entirety of application layer without any application- 
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specific limits." At the moment, none of the claims have yet to claim any of this subject 
matter. 

Conclusion 

The art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The art disclosed general background. 

Points of Contact 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

or faxed to: 

(571) 273-8300, (for formal communications intended for entry) 
Or: 

(571) 273-3836 (for informal or draft communications, please label "PROPOSED" or 
"DRAFT") 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Jung whose telephone number is (571) 272-3836 
or Kambiz Zand whose telephone number is (571 ) 272-381 1 . 



/David Y Jung/ 

Primary Examiner of Art Unit 2434 
David Jung 

David Jung 



Patent Examiner 
2/23/10 



